Updates for krb5-1.10.6

diff --git a/README b/README
index 0e03bc9783b9df7d6643c1633f0c044393a4f52b..07efb5ddb226267d337d8f101bc20cbc1c1b39f5 100644 (file)
--- a/README
+++ b/README
@@ -70,6 +70,27 @@ from using single-DES cryptosystems.  Among these is a configuration
 variable that enables "weak" enctypes, which defaults to "false"
 beginning with krb5-1.8.
 
+Major changes in krb5-1.10.6 (2013-06-05)
+-----------------------------------------
+
+This is a bugfix release.  The krb5-1.10 release series is in
+maintenance, and for new deployments, installers should prefer the
+krb5-1.11 release series or later.
+
+* Fix a UDP ping-pong vulnerability in the kpasswd (password changing)
+  service.  [CVE-2002-2443]
+
+* Improve interoperability with some Windows native PKINIT clients.
+
+krb5-1.10.6 changes by ticket ID
+--------------------------------
+
+7638    Fix kpasswd UDP ping-pong [CVE-2002-2443]
+7649    Fix transited handling for GSSAPI acceptors
+7658    Ignore missing Q in dh_params
+7659    allow dh_min_bits >= 1024
+7660    Set msg_type when decoding FAST requests
+
 Major changes in krb5-1.10.5 (2013-04-17)
 -----------------------------------------
 
@@ -606,6 +627,7 @@ reports, suggestions, and valuable resources:
     Joel Johnson
     W. Trevor King
     Mikkel Kruse
+    Reinhard Kugler
     Volker Lendecke
     Jan iankko Lieskovsky
     Oliver Loch

diff --git a/src/patchlevel.h b/src/patchlevel.h
index 34d834e249963791293900a41b861845497e11ff..317a5756103f4b3765d8228c646387c3910c16c2 100644 (file)
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -51,7 +51,7 @@
  */
 #define KRB5_MAJOR_RELEASE 1
 #define KRB5_MINOR_RELEASE 10
-#define KRB5_PATCHLEVEL 5
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 6
+/* #undef KRB5_RELTAIL */
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "krb5-1.10"
+#define KRB5_RELTAG "krb5-1.10.6-final"